The Senate is working on a bill to secure election infrastructure against cybersecurity threats, but, unless amended, it will widely miss the mark. The current text of the Secure Elections Act1 omits the two most effective measures that could secure our elections: paper records and automatic risk limiting audits.

Cybersecurity threats by their very nature can be stealthy and ambiguous. A skillful attack can tamper with voting machines and then delete itself, making it impossible to prove after the fact that an election suffered interference. Paper records ensure that it is possible to detect and quickly correct for such interference. Automatic audits ensure that such detection actually happens.

Paper Records: Many states still use unsafe voting machines that record votes in only one place: overwritable storage devices like a thumb drive or SD card. Our top priority for election security needs to be funding replacements for these machines. Those replacements must provide a paper trail of each and every vote. The most straightforward and efficient way to do so is voter-marked paper ballots combined with optical scanning machines.

Risk Limiting Audits: Besides building a paper trail for each and every vote cast, actually checking that paper trail must become an automatic part of every election. This is made practical by the most important innovation in election security in recent years: risk limiting audits. Done properly, risk limiting audits allow us to achieve high confidence that an election result is correct through the audit of a small, well-chosen sample of ballots. This makes audits cheaper and quicker, allowing them to be part of every election. Regularizing these audits will increase voter confidence in our democratic system.

Related Updates

The ability to vote for local, state, and federal representatives is the cornerstone of democracy in America. With mid-term congressional elections looming in early November, many voices have raised concerns that the voting infrastructure used by states across the Union might be suspect, unreliable, or potentially vulnerable to attacks. As...

Right now, the U.S. Senate is debating an issue that’s critical to our democratic future: secure elections. Hacking attacks were used to try to undermine the 2016 U.S. election, and in recent years, elections in Latin America and Ukraine were also subject to cyber attacks. It only makes sense to...

Election security experts concerned about voting machines are calling for an audit of ballots in the three states where the presidential election was very close: Michigan, Wisconsin and Pennsylvania. We agree. This is an important election safety measure and should happen in all elections, not just those that...

Most of the internet’s most popular voter registration sites make no promise to not turn and sell your information to advertisers, a Vocativ analysis has found. Of the nine major voter registration sites surveyed, only vote.gov, maintained by the U.S. General Services Administration, explicitly promises to neither...

“Honestly, the real answer is 'it depends.' Marking election systems as critical infrastructure might help us begin to make them more secure, but not necessarily. And federalizing election systems could make us less secure by creating fewer points of failure. But overall, [the Electronic Frontier Foundation] and our colleagues at...

Buenos Aires is currently in the middle of electing its mayor and city council. With a first round that took place on July 5th, and a second round due on July 19th, the election is the first time Argentina's capital city has used an electronic voting system called...

A security flaw in New South Wales’ Internet voting system may have left as many as 66,000 votes vulnerable to interception and manipulation in a recent election, according to security researchers. Despite repeated assurances from the Electoral Commission that all Internet votes are “fully encrypted and safeguarded,” six...

Three years ago, I wrote of the controversy surrounding the use of Electronic Voting Machines (EVMs) in India. A study by 2010 EFF Pioneer Award winner Hari Prasad and others showed that the EVMs could be hacked. For his troubles, Prasad was charged criminally for alleged theft...

EFF and a coalition of voting integrity groups representing Sarasota County voters filed suit in state court in Tallahassee asking for a re-vote in Florida's 13th congressional district. The suit alleges that thousands of citizens were disenfranchised when massive under-votes plagued the tight congressional race between Democrat Christine Jennings and...